Suspected member of The Dark Overlord arrested in Serbia

The Dark Overlord, known for a number of breaches and cyber-extortion campaigns in the last two years, is believed to have made US$275,000 from various schemes

Serbian authorities have arrested a man on suspicion of being associated with “The Dark Overlord” (TDO), a prolific hacker or hacking collective that has a number of breaches and cyber-extortion campaigns to its name in the past two years, according to a press release (in Serbian) by the country’s Interior Ministry.

The statement identifies the suspected cybercriminal only by his initials, “S.S.”, together with his birth year (1980) and place of residence (Belgrade). As part of the raid conducted in conjunction with the United States’ Federal Bureau of Investigation (FBI), the police also seized the suspect’s digital equipment. The FBI hasn’t commented on the operation.

Serbian authorities said that TDO has hacked at least 50 victims since first appearing in June 2016 and earned over $275,000 from its illicit activities. The individual or collective often stole various kinds of data, including sensitive health information and intellectual property, before holding the information for ransom.

In fact, it’s not immediately clear how many members the group has or, indeed, if it may actually have been a one-man operation. However, Motherboard writes that it has received a message from “someone in control of the group’s email account” to the effect that the arrest was by no means a death knell for them.

Hack and extort

Some of TDO’s shenanigans have attracted wide coverage across the globe. In April 2017, we reported that the group had stolen and dumped online previously unreleased episodes of the Netflix series “Orange is the New Black” (OITNB) after the company didn’t pay a ransom. Meanwhile, the blog DataBreaches.net received a list of another three dozen movies and TV shows that TDO claimed to have stolen.

In a bit of a twist in the OITNB tale, Variety wrote in June that Larson Studios, the audio post-production company in which the breach apparently occurred, had in fact ended up paying a ransom of 50 bitcoin (worth approximately US$50,000 at the time) in order to prevent the leak, but to no avail. TDO went ahead and dumped the show’s ten episodes online, claiming that it was a punishment for the company’s reaching out to the FBI – which, incidentally, had advised against paying up.

Six months later, TDO broke into the network of a London-based cosmetic surgery clinic with a range of celebrity customers, stole highly intimate images and data, and threatened to release them.

TDO is also known for hacking into the computer system of a US school and sending ransom demands and graphic death threats to the parents of students, as well as for hawking on the dark web hundreds of thousands of sensitive records reportedly stolen from several US healthcare organizations.

Meanwhile, Serbia’s police have recently had their hands full cracking down on cybercrime. In late April, we wrote that the police joined an international effort that clamped down on webstresser.org, the world’s biggest marketplace for hiring distributed denial-of-service (DDoS) attacks. According to security journalist Brian Krebs, two 19-year-olds from Serbia were arrested during the sting.